Once I had to restore an entire organization from shadow copies because the IT director didn’t believe in off-site backups or using endpoint protection. The whole network got a ransomware that included the backups, but did not include the shadow copies on the main file server.
At least I got to help them build a disaster recovery procedure, and pick out a new EDR.
Yes, they are essentially file snapshots. Shadow copies in a Microsoft environment at least are basically file history without using file history. So when you modify a file when it’s enabled, it makes a copy of the last version of the file.
But since it’s not meant to be a actual backup solution, it’s meant to be on a file-by-file basis. I think that means they had to go through and manual restore n a file by file basis
Once I had to restore an entire organization from shadow copies because the IT director didn’t believe in off-site backups or using endpoint protection. The whole network got a ransomware that included the backups, but did not include the shadow copies on the main file server.
At least I got to help them build a disaster recovery procedure, and pick out a new EDR.
Are shadow copies like snapshots?
Yes, they are essentially file snapshots. Shadow copies in a Microsoft environment at least are basically file history without using file history. So when you modify a file when it’s enabled, it makes a copy of the last version of the file.
But since it’s not meant to be a actual backup solution, it’s meant to be on a file-by-file basis. I think that means they had to go through and manual restore n a file by file basis